Legal Considerations of E-commerce of Taiwan: Development and the Status Quo

I. Preamble

1. Current Situation of E-Commerce

Along with rapid developments of the information and the Internet, what follows in suit is inevitably the electronicalization in general industries. Nowadays, countries around the world accelerate exploitation of information technologies and management methods to enhance their capability of competition. Developments in digitalization have brought traditional business concerns to face rigorous challenge as regards both the nature of the business and the context of same, as well, in more recent years incidents such as Internet data exposition and on-line fraud have happened over and over again. Contentions of on-line transaction have also increased a great deal while some illegal websites proclaimed themselves to be legal ones. All these situations point to the importance of building up legislation on e-commerce and cyber environment. No less important is the buildup of more reliable environments friendly to electronic trades as to which the government should take into account the needs voiced from both suppliers and buyers in an effort to put into effects relevant implementations conducive to benignant developments of e-commerce.

In the meantime, the entire B2C e-commerce market is going through unprecedented fusion, ongoing merging and cross application is seen in varied on-line transactions including TV shopping, Internet shopping, mobile shopping, e-mail shopping and so on, growing more tense than ever are integration in the context of http://bilingualdb.rdec.gov.tw/BilingWeb/bl_showworddetails.asplogistics,cash flow, exchange of information, and transactions, in addition, interchange of platforms and horizontal consolidation of varied equipments are indication enough that looking into the future, what looms ahead is a service-oriented, attention-intensive era of economy; by taking into good account consumers' actual needs, convenience and economies, these supplemented with customized service delivery, the intending party can realize phenomenal profits well beyond estimation; considering that the B2C business world is continually renovating its latest technology or application (the Skype, for example) better yet management model is required to strike profits (such as diggings of killer APs, Killer access Devices, Killer channels, Killer business models and their applications), and therein lies the orientation for efforts to be spent in so far as the future of the B2C e-commerce is concerned.

By the outcome of the B2C Business Strategy Conference closing as of both 2004 and 2005,the current B2C e-commerce of Taiwan is fighting hard to cross the gap of lag in family Internet shopping rates (13% in 2003, grown up to 19.6% by 2005), if relevant technology matures and breaks various obstacles against B2C e-commerce, it is safe to say that by 2007 will come the mainstream epoch for Internet shopping vogue, and that is good enough for what one could envision for the B2C e-commerce. Reliable survey conducted for relevant projects indicates that the on-line shopping market over the year 2005 is estimated at approx. NT$51,073,000,000, reflecting a growth of 47% over the correspondent field of NT$34,720,000,000 realized in 2004, hopefully the growth may hit around 43% by the year 2006, estimation: NT$73,146,000,000; in the year 2005 the overall retail market realized a revenue of approx. NT$3,090,297,000,000 of which roughly 1.65% was due to contribution from on-line retail sales, estimation shows that by the year 2009 the on-line shopping market will expand to around NT$154,475,000,000. All of the survey digits clearly show that there is still much to expect of our domestic electronically subordinated markets, for which a growth potential always exists.

2. Implementation strategies and policy directions

Over the nearly twenty years in the past the US has been strategically employed varied technologies associated with e-commerce at large, for the promotion of e-commerce and that has fetched a hit over Japanese business industry that was long-timed noted for their high quality struck at relatively low-profile cost image, and at the same time switched the fading stage of the US economy up to the rosy side. What makes e-commerce so much a marvel? Well, the secret is in fact simple enough, for in the wake of contemporary atmosphere for competition centering on internationalization and globalization, the only recipe for success and survival for any business is simply the triplicate: “Speed”, “Flexibility” and “Creativity”; e-commerce not only timely satisfied these needs, it plays a key role in this respect all at once, such that any responsive and responsible business executive would but have to admit that “Without getting electronic, you can expect no more orders”.

In awe of this wake trend going for entrepreneurial electronic synonymous with e-commerce, our government has been keeping a keen eye on the position of modern e-commerce around the world. In addition, it has charged relevant departmental agencies to attend to the development and planning of domestic e-commerce to begin with the Ministry of Economic Affairs firstly accomplished Electronic Commerce Model System recommended for Business-to-Business (B2B) in the Informative Segment, the indicial system for electronic industry for our country is thereby established, and this by and by has extended to other kinds of industry; in the meantime, efforts have been shed to expel lots of bottlenecks facing the electronic of all and sundry industries as regards the environmental nods and the institutional node. Years of governmental efforts in this concern have seen results in the context of our domestic industries vying one another in the startup of getting involved in electronic operation. It is safe and fair to say that up to this date the e-commerce development in this country, already soundly founded, and is still growing avidly and rapidly.

Because of the application of information has already become a sharp tool for advanced countries in upgrading their competitive margin in global markets, the premise being as such, countries have one by one promulgated their national information expertise development projects with a view to get going infrastructures information and communication constructions on a national scale. Here in this country relevant constructions have begun as early as back in the year 1994, the Executive Yuan has ratified the “National Information/Communication Infrastructure Implementation Plan” in the year 1997; in June 1999 the “Industrial Automation Plan” ratified previously was upgraded to a combined “Industrial Automation and Electronicalization Plan” for the purpose of promoting industrial competition margin.

By the year 2001 our government, in view of societal need for general information as well as technical renovation that comes as a result of advances in information/communication technology, and through collective consultation and resource consolidation, founded a National Information and Communication Initiative Team (NICI Team) whose mission is to implement NICI Projects, while the priory founded Industrial Automation and Electronicalization Plan continued to function in the name of the “Industrial Electronic” Work Group under said NICI Project, in addition, a consensus has been reached that the implementation of information/communication know-how be regarded as playing a key role in the promotion of overall national competitive competency.

II. Legislative Demands for the Development of e-Commerce in Taiwan

1. Trend of international legislation

Under the ongoing trend of globalization and internationalization, transnational communication and transaction blooms fervently, a universal expectation shared by nations around the world is that concrete and clear-cut legislations be adopted to rule out obstacles to developments of electronic transactions due to inadequacy of statutory provisions or proscriptions. Whatever the contents of legislation from one state to another, the primary object is unexceptionally to promote developments of electronic transactions by the institutional introduction and intervention in all respects concerned. Phrased otherwise, the key role played by laws governing electronic transactions lies in presentation as enabling or supplemental laws to serve as legal basis with respect to issues where conventional institution fails to see or proves inept; whereas issues or legal interactions facing common transactions equivalent to traditional trades will still abide by conventional statutes, still, the ongoing trend respecting the same electronic trades on international communities calls not for the creation of new laws, but in installing legislation on issues not being covered in currently enforced statutes. Other countries facing issues relating to electronic transactions will not reason with reference exclusively to traditional civil or commercial codes by ignoring electronic trade codes or vice versa, instead they will rely upon both traditional codes and relatively regulations related to electronicalization, at the same time.

2. Legislation of e-commerce: Necessity and Orientation for Deliberation

Speaking of legal concerns possibly facing application of electronic trades, with legal effects to the extent acknowledged according to laws governing transactions executed by “Electronic Signatures ACT” with respect to electronic documents being excepted, party autonomy and the principle of freedom to contract will prevail, still, contractual contentions otherwise occurring in the course of transaction will be subjected to relevant civil or commercial codes all the same, and that having nothing to do with pertinent electronicalization legislations. Considering the practical aspects, competency of legal intervention in the course of concluding of contracts involving electronic transactions deserves deliberation in the context of practical needs. Apart from relevant issues seen in a contract, matters such as competency of law respecting trades of digitalized merchandises, respecting protection of consumers in respect of which the law is already there, and respecting privacy protection, are all of vital interest to parties in executing any electronic transactions. Other issues which warrant close inspections considering a piece of electronic trade include; legislation with respect to cash flow, to material flow and practices, to whatever affects the proper rights of parties to a trade, to attempts to use the Internet as a criminal means, to situations where violation of safety of trade or order of trade arises; to issues relevant to competency of proof considering electronic documents, electronic signatures in the event of dispute out of a piece of electronic trade; and eventually, responsibilities on the part of ISP who forms a part of a piece of electronic trade, as well as electronic jump mail (spam), because all of them could undermine the development of electronic transactions.

III. Taiwan Legislation on Electronic Commerce: the Status Quo and the Outlook in the Future

The arrival of digital era has broken down the fence by which the world for ages has been defended, the e-commerce is taking up the place of traditional marketing scheme and outlets in giant strides, and has virtually become the focus of economy in the current era, Still, new fangled trade modes emerging from day to day in step with electronic modern business operators are impinging upon existent legal systems here in this country and that without any letup, such that the traditional philosophy of legislation is compelled to reorient itself to meet the impending challenge of our times.

The most important of interest to a wholesome development of e-commerce lies in the creation of a benignant legislation structure. However, it is a pity that the creation of electronic commercial codes is a very complicated institutionalized project, considering that apart from electronic documents and electronic signature, the electronic transaction by and large will involve legislation specific to civil, criminal and otherwise legal fields, encompassing key issues including: contractual relationship, electronic taxation, electronic cash flow, network jurisdiction and protection extended to consumers. Given the foregoing disclosure, it is rightly with a view to attend to smooth developments of electronic trades, to secure a wholesome transaction environment, and to safeguard the proper interests of network users, that the importance of a wholesome legislation structure is set off all the more obviously.

Seeing that the crucial key to nationwide practicing of so-called electronic transaction or trade and to the meaningful functioning of an electronic government lies indispensably in the creation of a safe and reliable network environment, so that information in the process of internet transmission is ensured against falsification, fabrication or theft, will allow for identifying of the identity of both parties to the transaction, and henceforth, preclusion of denying by either party of the transaction afterwards, that therein lies the key to the universality of an electronic government and of the implementation of electronic transaction, as a matter of fact here in Taiwan the “Electronic Signature Act” was ratified in 2001, and the same put into practice in April, the year next to 2001, This code accords electronic documents and e-signatures which fulfill prescribed requirements the same legal effects as would be granted to traditional paper documents or signatures, and specifies certifying agents based on low-profile control means. Next in both 2003 and 2004 respectively, the competent authorities have put into effect subordinating statutes including: “The Enforcement Rules of Electronic Signature Act”, “Regulations on Required Information for Certification Practice Statements” and “Regulations Governing Permission of Foreign Certification Service Providers”, with a view to comprehensive coverage of codes specifying control of electronic signatures, to the safeguarding of environments for credible electronic signatures, and all these meant for access with international counterparts.

The Electronic Signature Act specifies essentially “electronic documents” which carry information specified as electronic transactions (the specification includes what is known as electronic government), and “electronic signatures” produced by parties thereto and as appearing thereon. Electronic transaction is based on computerized network and electronic technology bear advantages over traditional commences in terms of convenience, effectiveness, scope of coverage, low-profile trade costs, among other considerations, for all these reasons will better meet the information age that is ours today and the challenge for globalization of trade and economy everywhere, that is why they develop so fast and find wider and wider application from day to day.

Legislation of electronic transaction is not meant to establish a rule of regulations that will totally replace correspondent laws erected earlier in years bygone, it starts out in the beginning to address unique legal complications that arose because of substantial change having taken place as regards means and manner of transaction. The newly arisen legal problems originated from the unique feature of electronic transaction itself, what comes in suit is the global, universal, international, technical and inter-territorial nature of codifications governing electronic commences, Currently legislation of e-commerce around the world is classifiable into those which relates to promotion or macroscopically policy of electronic transactions, synoptic codification of electronic transactions, codification of electronic signatures, codification of environments friendly to electronic commences. (Comprising: protection of consumers, protection of privacy) After reviewing different specifications of electronic transactions from international sources, one is convinced that differentiation in legislation of electronic trades from one state to another is much more a result of policy election than that of pure legislates.

Notwithstanding that over the last decade legislation of electronic commerce that is seen globally ran fast, every state tries hard to bring up a full set of codes on electronic commerce/transaction in the shortest possible period so as to effect timely control of electronic transactions which themselves are renovating with no less fast a speed, however, it is a pity that electronic commerce goes deep into a number of specific fields, crossing legal, scientific and technical realms, and its application extends deep into varied day-to-day layer, such that the scope of legislation of electronic commerce/transaction has run afar to limits beyond imagination, forcing international organizations and economic entities to issue model codes and directives for their member states to adopt as norms for comparable legislations.

Nevertheless, after being cut into effect for several years, problems emerged one after another with electronic commerce/transaction codes, including electronic signatures act; the situation is the same in countries all over the world, in Hong Kong, where Electronic Transactions Ordinance as amended have been promulgated in 2004, in Singapore, where triplicate-phased public inquiry in written form have been proffered successively in 2003 and 2005, whereby public suggestions are solicited as references to subsequent revisions; whereas on the other hand, the United Nations have erected protocols addressed to issues arising in the course of concluding of international electronic contracts to complement the “UNCITRAL Model Law on Electronic Commerce of 1996” and the “UNCITRAL Model Law on Electronic Signatures of 2000”.

A common guideline for legislation at Legislature Agency is: “Adequate Regulation, Leaving Leverage, Conducing to Development”, in order to provide suitable legislation frame as soon as possible, a Legislature Agency would but offer sketchy outline to allow for space appropriate for future development of the newly emerging e-commerce world. So there is little wonder that Taiwan's electronic signature relevant rules have been cited as the most succinctly structured electronic signature code anywhere on the globe, as such, its contents are restricted but to controls of electronic signatures, failing largely to deal with the highly mutable electronically transacted business activities and trades. Four years have elapsed since the implementation of the electronic signature code, in view of the ever-changing environments of e-commerce, statutes currently in force have proved inadequate or behind time, if only present status and future demands of e-commerce are to be taken into account in step with emerging trends in global legislation as well as newly arisen commercial modes, it is truly time to review and amend current codes. To build a wholesome environment for the e-commerce industry, local competent authorities have already effected general review of current electronic signature rules by taking into account: how the current regulations have been working, international developmental trends, the latest development of relevant technology, and put forth recommendations on amendments of current codes after reviewing ongoing trends of legislation seen in Singapore, Hong Kong and the United Nations. Their amendments to their existent codes included, underway are our amending of scope of application of current codes so that a good match is possible with practical reality, such that the code is renamed to read as “Electronic Signature and Transaction Act”, the keynote being to enlarge scope of application of both electronic documents and electronic signatures, inclusion of regulations relevant to electronic trades and strengthening of currently existent authentication agencies in terms of their management capabilities, Also, to lay firm practice of electronic signature and transaction norms, amendments where necessary of relevant by-laws are being prosecuted at the same time, in this connection drafts in progress includes: “Amendments of The Enforcement Rules of Electronic Signature Act (Draft)”, “The Regulations for the Examination of Eligibility of Executive Agencies Exempt from the Application of Electronic Signature Act (Draft)”, “The Regulations on Certification Authority Agency (Draft)”, and “The Regulations of Guidance to Electronic Signatures and Transactions (Draft)”.

So in short competent governmental agencies by now have begun to earnestly review current laws, drafting amendments thereto or considering legislation of new laws, whilst comprehensive planning addressed to future trends of our electronic transaction codes is also on the agenda. Without touching the prime framework of the Electronic Signatures Act that is currently in force, we are working on amendments of that code, for the reason that such is a way that incurs the least possible costs, so to say, all issues which electronic trades will or might face are titleogether included in the codification process, this serving to rule out overlapping of statutory provisions, what is made possible all at once is elucidation as to any amendment or draft incurred on the basis of current codes, backed with policy directive or de facto needs, and that effort conducive to collateral correlation with international reality.

Issues as to which and what topics should be included in the scope of protocol for amendment of the Electronic Signature Act, including, for example, exemption eligibility and periodical review, as to those that would warrant enactment of dependent codes by competent authority authorized pursuant to said protocol, those which should be left to competent authorities in charge of other object enterprises to exercise their options as to erection of new laws or more preferably, amendment of current laws, ISP relevant provisions, for example, would have to be jointly deliberated and coordinated by and among experts representing respectively the government, the industry concerned, the academic circle, and the researching elites, that being a necessary requisite procedure to the setup of a milestone marking the structuring of an irreproachable electronic transaction mechanism here in this country. Up to the present day, trailing tight behind the development of electronic trade industry this country is equipped with substantially adequate codes, in the foreseeable future, current laws will still be reviewed with reference to the many unique features of the electronic trade industry to make amendments where justifiable, so as to make our codes more perfect. The orientation for future efforts can roughly be summed up in 7 points outlined below:

1. Guideline of Legal Mechanism to Resolve Electronic Transaction/Commerce Issues

The legislation theme considering the electronicalized dominant reality today in our country is set on the keynote of the electronic signature codes,in so far as a legal action is committed by reason of electronic operation, to the extent that what is provided in currently enforced law is thus involved, then any jurisprudent discussion in that context will honor as principal the freedom to contract as provided in civil codes, and regard as exceptional legally required act, this being the premise, in the process of law enactments, principles that must be met include:

Firstly, the market oriented principle, it seems that the leading position ought to be taken by private enterprises where the matter relates to development of e-commerce, that business need not be a constrained industry;

Secondly, refraining from imposing any restraint on the e-commerce transaction, what a government must do is to participate an seldom as possible, and to refrain from meddling to the extent appropriate, it follows then that it should avoid imposing additional or unnecessary restriction upon commercial activities prosecuted via world wide web or electronic trades, considered as such are; troublesome procedures or formalities, tax duties additionally levied or additional fees;

Thirdly, the sole reason for governmental intervention would be; to reinforce and back up a predictable, a most simple, easy, and contextually consistent environment in which to legally bind electronic commercial activities;

Fourthly, understanding the unique features that characterize electronic commerce, effect earnest review and amendment where justified, of that part of current laws or ordinances susceptible of obstructing development of electronic trades, or titleernatively effect new order or scheme, regulation to adapt to possible development of electronic trades;

Lastly, implementation of electronic trade activities are globally motivated, the establishment of a globally unified unique code to govern electronic trade activities to put aside traditional legal systems varying from one country to the next, will boost up confidence on the part of those engaged in electronic trade activities.

2. Legislation be concerned with International Paralleling

As having been stated hereinabove, a guideline for legislation is: adequate regulation, leaving leverage, conducing to development. Since after having been put into practice for years, multiple problems emerged one by one, is almost a rule for many nations where legislation of electronic commerce/transaction or electronic signature codes was introduced, and that evidenced by the publication of the amended Electronic Transactions Ordinance, 2004, Hong Kong; open invitation to the public for suggestions, 2003 and 2005, Singapore, for reference for amendments; the UN Protocol drafted to deal with interrelated problems arising out of the processes of concluding of international electronically related contracts. A common keynote in the institutionalizing of electronic transaction codes among international communities is that in addition to the legal status invested upon electronic documents, electronic signatures, provisions are made to protect fair trade principle, fair competition, consumer’s proper interests, intellectual proprieties and privacy, paralleled with means and measures to encourage supervision, effective mediation and discourage criminal undertakings, while the governmental policy tends to assume a non-restrictive, market-oriented tune, to keep to the minimum any governmental intervention, and unwarranted constraints, the same is, just as it should be the guideline for the instituting of electronic transaction codes here in this country so as to keep abreast with international realities, and that conducive to making out the utmost of advantages possible out of electronic transaction activities on the worldwide stage.

3. Deliberation of the Electronicalized Dominance Legalization be in Parallel with Newly Emerged Applications and Development of Transaction Modes

Due to the technology involved in striking a deal executed electronically, one piece of electronic trade on the point of conclusion is not as simple as traditional modes of transaction by virtue of the preclusion of both time and space restrictions, so to speak, application of electronic mode of transaction may very well result in situations beyond restriction through traditional legal constraints or theoretic reasoning. Such trade modes, by reason of its unique transaction feature, gave way to contention as to incompatibility with traditional statutory constraints, this is briefly a common dilemma facing all the nations around the world, and they all betake themselves in the working for whatever is possible to regulate and control electronic transactions through legislative means and innovations. Not to mention the complexity of legal intervention in case of transnational transactions prosecuted electronically, again, by reason of the unique feature characterizing electronic transaction, so a basic tune for the working toward the formulation of electronic trade legislation is the buildup of consensus so as to being domestic effort in alignment with international reality.

4. Studies on the Topics of Digitalized Merchandise

Any trade of digitalized goods, without regard to whether such is taken as a commodity pursuant to civil codes, would hardly quality for being categorized as sort of authorization or anonymous contract, they would more appropriately be ascribed as like purchase vs. sale and be detitle with accordingly. Given that on-line delivery or downloading, albeit differing from the transfer delivery that is specified in civil codes, still, want of material delivery would not necessarily mean want of legally deemed transfer or delivery. That intangible network transmission would grant the purchaser de facto control of the object in question, then ascertaining of the point of time of transfer of risk, may very well be prosecuted in accordance with provisions in the civil code. As regards assumption of responsibility for flaw, trade of commercial software against on-line payment may reasonably be regarded as categorized debt against which buyer is entitled to delivery of flawless commodity; as to reinstatement of obligations upon dissolution of contract, the point lies not with returning of the object as received, but with returning of the right to use the software concerned, In the event of virus being entrained with the purchase which is an object in question, damage incurred to the buyer is usually in the form of damaged hardware or falsification, deletion of files, that of loss of inherent interests, as to such forms of damage or loss buyer may exercise multiple means of indemnifications, still, the legal status of filed date and principle to quantify such loss in view of indemnification will have to be defined commensurate with evolution of both theory and practice. Overall, as far as transactions of software against on-line payment are concerned, civil law as is still adequate without much ado.

As to the question whether digitalized commodities qualify for postal trades where Consumer Protection Law applies, to balance the proper interests claimable to both consumers and the entrepreneur, and to rule out consumer's abuse of rights where ethics is at risk, it is fit and proper to restrict or rule out the transaction of certain commodities under specified categories, For one thing, considering the risks of digital date or digitalized commodities containing digitalized information, in respect of which copying or reproduction is as easy an pie, as to which it is not easy to ascertain whether the consumer has indeed returned the utility right, there is reason to doubt the suitability of granting unilaterally the consumer the right of rejection. Still, in so far as the digitalized commodity remains unopened, or that it is supplied with copying or reproduction procedures, product initiation means, then the risk of copying or reproduction is ruled out and in this instance Consumer Protection Law should apply notwithstanding.

5. Topics Relating to Consumer Protection and Privacy Protection

The latest amendment to Consumer Protection Law with respect to electronic trades by including postal purchase on the Internet under Article 2 Section 10, and by the addition of Article 19-1 to allow for the application of the Hesitation Period respecting postal purchase trades, means more comprehensive protection for on-line consumers all right, still, due to the riddling complexity of the operation of electronic commerce at least a portion of the contents of transaction hardly fit the latest provisions in Consumer Protection Law, such that conflict seems to have emerged between protection for the consumers and reasonable risks borne by the entrepreneur. It is therefore suggested that the competent authorities consult the “Distance Marketing of Consumer Financial Services Directive (Directive 97/7/EC)” issued by the European Union with regard to the exclusion of contractual obligations, and conduct a comprehensive review of contents possible for inclusion in a piece of electronic transaction so as to delete commodities or services inappropriate for stipulation under Article 19 and article 19-1 by amendments to existent legislation, both administration and legislature ought to reinforce efforts in relevant protection mechanism to meet the challenging the Internet Age of our times paralleled with efforts to go in line with ongoing trends for consumer's protection on the international scenario.

Next, responding to the point of key interest to consumers regarding protection of personal date entangled in B2C electronic transactions, the Ministry of Justice has publicized the protocol of amendments to Personal Date Act, whereby the scope of coverage extend to overall latitudes without discrimination, incorporating the obligation to serve notice respecting the collection and use of data, restriction on the collection of children's data and of sensitive data, group litigation, and increase of indemnity amounts. Upon legislative ratification of amendments to Personal Data Protection Act in the future, operators of electronic trades will have to face certain restrictions collecting data on websites in addition to being charged with duty of notice, so that without securing consent from the person whose data is being solicited for collection, the operator may not engage in inappropriate use, let alone selling of personal data in question, it is anticipated that our existent on-line marketing mode would hence go through substantial change. To prevent operators of electronic transactions in this country from frustrations adapting to the forthcoming statutory amendments, it is suggested that the competent authorities upon legislation of said amendments prepare models of policy for protection of personal privacy confronting operation of electronic transactions.

6. Topics Relating to Cash Flow

titlehough respecting electronic transactions, safe payment scheme has already been established for the market; further to that, the Banking Bureau of the Financial Supervisory Commission, Executive Yuan, has published aimed at web banking operations “Pattern Contracts for Personal Computerized Banking Services and Web Banking Service” and stipulated “Criterion for Banking Institution's Operation and Safety Control of Electronic Banking Services”, to ascertain safeguarding of web payments; as regards petty payments amendment has been made to Banking Law by the introduction of Article 42-1, whereby cash buildup cards derive their legality basis, along with Procedures governing Bank's issue of cash buildup cards implemented such that such cards are available for on-line transactions, these are much in the promotion phase, yet distant to universal application. In practice, it is common and popular for credit cards to be used in on-line transactions, still, such form of payment could strike a potential risk for the card owners, to effectively protect card owners' safety at consumption and proper interests, it is suggested that the competent authorities promptly institute “Pattern Contract Terms Respecting Web Transactions Using Credit Cards” to meet inadequacies of stipulation on credit card operation over on-line transactions. Concurrent with the increased frequency of cash flow via the internet, there may develop more of payment tools in the foreseeable future, and more funds may come and go via the Net, however, the existent legislation respecting electronic transfer of funds currently is far from adequate, it is appealed that the competent authorities institute relevant legislation in time to help build a sound and wholesome environment for out net financial industry as well.

7. Tax Related Topics

Internationally there has not reached, to this day, unified consensus respecting complicated net taxing policy, since that taxation with respect to on-line transactions is not as simplistic as would suffice the notion that “as long as there is income, there is duty”, it involves by and large concerns such as development of the Internet industry, fairness of taxation and even national competition, so in so far as net taxation is concerned, the concern should extend to deliberation of complementally measures apart from just reviewing if existent taxation laws are adequate for exploitation and in the negative case, if ad hoc stipulation is required

※Legal Considerations of E-commerce of Taiwan: Development and the Status Quo,STLI, https://stli.iii.org.tw/en/article-detail.aspx?no=105&tp=2&i=170&d=6122 (Date:2024/04/21)
Quote this paper
You may be interested
Brief Introduction to “European Union’s Recommendations for QTSPs Based on Standards”

Brief Introduction to “European Union’s Recommendations for QTSPs Based on Standards” 2022/06/24 I. Introduction   The Electronic Identification and Trust Services Regulation (eIDAS)[1] of the European Union was passed in 2014 and came into effect in July 2016. The eIDAS consists of six chapters and its core elements are covered in two parts: Chapter 2 Electronic Identification and Chapter 3 Trust Services. Chapter 3 provides the legal framework for trust services (TS) in relation to electronic transactions and encompasses electronic signatures, electronic seals, electronic time stamps, electronic registered delivery services and website authentication. Each trust service can be provided by trust service providers (TSP) or qualified trust service providers (QTSP). Qualification from the supervisory authority of each member state is required to become a QTSP and provide qualified trust services (QTS).   In March 2021, the European Union Agency for Cybersecurity (ENISA) published “Recommendations For QTSPs Based On Standards[2]” for those interested in becoming QTSPs. II. Highlights   The eIDAS is technology neutral regarding trust service security requirements, without specifying any technology. In other words, TSP can achieve the level of security required by the eIDAS with different technologies. In fact, the European Union hopes to drive standardization with common grounds gradually formed with industry self-regulation in the legal framework and the trust framework under the eIDAS[3].   Since 2009, the European Union has been formulating the standardisation framework related to electronic signatures with the assistance from standardization bodies such as European Committee for Standardization (CEN) and European Telecommunications Standards Institute (ETSI). The vision is to establish a comprehensive standardization framework to resolve the problems of using electronic signatures across borders within the European Union. A series of standards on electronic signatures and relevant trust services have been put in place, to meet the international requirements and the eIDAS[4]. The ETSI/CEN standards of digital signatures related to QTSP are as follows[5]: 1. Provision of qualified certificates for electronic signatures (Article 28 of the eIDAS)   ETSI EN 319 411-2 (and in adherence to EN 319 401, EN 319 411-1, EN 319 412-2 and EN 319 412-5). 2. Provision of qualified certificates for electronic seals (Article 38 of the eIDAS)   ETSI EN 319 411-2 (and in adherence to EN 319 401, EN 319 411-1, EN 319 412-3 and EN 319 412-5). 3. Provision of qualified certificates for website authentication (Article 45 of the eIDAS)   ETSI EN 319 411-2 (and in adherence to EN 319 401, EN 319 411-1, EN 319 412-4 and EN 319 412-5). 4. Qualified electronic time stamping service (Article 42 of the eIDAS)   ETSI EN 319 421 (and in adherence to EN 319 401), EN 319 422. 5. Qualified validation service for qualified electronic signatures (Article 33 of the eIDAS)   ETSI TS 119 441 (and in adherence to EN 319 401), TS 119 442, EN 319 102-1, TS 119 102-2 and TS 119 172-4. 6. Qualified validation service for qualified electronic seals (Article 40 of the eIDAS)   ETSI TS 119 441 (and in adherence to EN 319 401), TS 119 442, EN 319 102-1, TS 119 102-2 and TS 119 172-4. 7. Qualified preservation service for qualified electronic signatures (Article 34 of the eIDAS)   ETSI EN 319 401, TS 119 511 and TS 119 512. 8. Qualified preservation service for qualified electronic seals; (Article 40 of the eIDAS)   ETSI EN 319 401, TS 119 511 and TS 119 512. 9. Qualified electronic registered delivery service (Article 44 of the eIDAS)   ETSI EN 319 401, EN 319 521, EN 319 522, EN 319 531 and EN 319 532. III. Comment and Analysis   The ENISA recommendations demonstrate the European Union’s intention to encourage ICT service providers to become QTSPs by introducing relevant standards in electronic signatures formulated by the European Union standardization bodies. The purpose is to provide companies and users in the European Union with more secure and trustworthy services in relation to electronic signatures. This enhances the confidence of users and promotes the vibrant development of electronic transactions throughout the European Union.   Over recent years, Taiwanese companies have been proactively involved in digital transformation. The process toward digitalization often requires assistance from external ICT service providers. However, the unfamiliarity in ICT makes it difficult for companies to judge the professional expertise of providers. Perhaps companies can refer to the introduction above to understand whether a provider meets the requirements of the European Union standards. This serves as a basis for the selection of ICT service providers to ensure a certain level of competences. This will be beneficial to the digital transformation and entrance in the European Union market for companies. [1] Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2014.257.01.0073.01.ENG (last visited Jun. 24, 2022). [2] European Union Agency for Cybersecurity [ENISA], Recommendations for Qualified Trust Service Providers based on Standards (2021), https://www.enisa.europa.eu/publications/reccomendations-for-qtsps-based-on-standards (last visited Jun. 24, 2022). [3] id. at 8 [4] id. at 8-9. [5] id. at 11-12

Legal Aspects and Liability Issues Concerning Autonomous Ships

Legal Aspects and Liability Issues Concerning Autonomous Ships   All sectors of business and industry are transforming into digital society, and maritime sector is not out of the case. But the new thing is the remote control ships or fully automatics ships are becoming a reality.   Remote control ships and autonomous ships will be a tool to reach safety, effectiveness, and economical goal. However, as it intends to take over human element in the maritime industry, the implement of remote control ships or autonomous ships brings new legal issues and liability considerations.   This study aims to highlight some critical legal issues of autonomous ships to reader, but will not try to solve them or give clear answers. I. The Approach of International Maritime Organization   In order to solve issues from the deployment of autonomous ship, International Maritime Organization Maritime Safety Committee (MSC) has taken first steps to address autonomous ships. In the meeting of MSC 100, the committee approved the process of assessing IMO instruments to see how they may apply to ships with various degrees of autonomy.   For each instrument related to maritime safety and security, and for each degree of autonomy, provisions will be identified when: apply to MASS and prevent MASS operations; or apply to MASS and do not prevent MASS operations and require no actions; or apply to MASS and do not prevent MASS operations but may need to be amended or clarified, and/or may contain gaps; or have no application to MASS operations.   The degrees of autonomy identified for the purpose of the scoping exercise are: Degree one: Ship with automated processes and decision support: Seafarers are on board to operate and control shipboard systems and functions. Some operations may be automated and at times be unsupervised but the seafarers on board are ready to take control. Degree two: Remotely controlled ship with seafarers on board: The ship is controlled and operated from another location. Seafarers are available on board to take control and to operate the shipboard systems and functions. Degree three: Remotely controlled ship without seafarers on board: The ship is controlled and operated from another location. There are no seafarers on board. Degree four: Fully autonomous ship: The operating system of the ship is able to make decisions and determine actions by itself.   The initial review of instruments under the purview of the Maritime Safety Committee will be conducted during the first half of 2019 by a number of volunteering Member States, with the support of interested international organizations. MSC working group is expected to meet in September 2019 to move forward with the process with the aim of completing the regulatory scoping exercise in 2020.   The list of instruments to be covered in the MSC’s scoping exercise for MASS includes those covering safety (International Convention for the Safety of Life at Sea, SOLAS); collision regulations (The International Regulations for Preventing Collisions at Sea, COLREG); loading and stability (International Convention on Load Lines, Load Lines); training of seafarers and fishers (International Convention on Standards of Training, Certification and Watchkeeping for Seafarers, STCW); search and rescue (International Convention on Maritime Search and Rescue, SAR); tonnage measurement (International Convention on Tonnage Measurement of Ships, Tonnage Convention); Safe Containers (International Convention for Safe Containers, CSC); and special trade passenger ship instruments (Special Trade Passenger Ships Agreement, STP).   IMO will also develop guidelines on MASS trial. The guideline include ensuring that such guidelines should be generic and goal-based, and taking a precautionary approach to ensuring the safe, secure and environmentally sound operation of MASS. Interested parties were invited to submit proposals to the next session of the Committee for the future development of the principles. II. Other Legal issues concerning Autonomous Ships   In March 2017, the (Comité Maritime International, CMI) Working Group on Unmanned Ships circulated a questionnaire. The questionnaire aimed to identify the nature and extent of potential obstacles in the current international legal framework to the introduction to (wholly or partly) unmanned ships. The questionnaire can be summarized into the following legal issues. The legal definition and registration of the remote control ship and autonomous ship The definition of remote control or autonomous ship is based on the purpose of each individual convention. Current international conventions regulating ships do not generally contain recognized definition of the “Ship” and “Vessel”. However, due to its geographical feature, countries tend to have different safety requirement for ships; therefore, even the definition of remote control or autonomous ships given by international regulations, may not be accepted by national register of ships. For example, according to the reply to the questionnaire from Argentina association of maritime law, Argentina Navigation Act prescribes that in order to register a ship in the Argentine Register, regulatory requirements regarding construction and seaworthiness must be fulfilled. However, there are no rules regarding the registration of remote control ships or autonomous ships, as current act are based on the existence of crew on board. The unmanned ships would not be registered by Argentina Registry of ships. At present, the fragmentation of the definition and registration of ships can affect the deployment and application of remote control ships or autonomous ships. Due to the feature of shipping, which is related to the global transportation network, the definition and registration issue had better be solved at international level by International Maritime Organization (IMO). Legal issue of the seafarer International Convention on Standard of Training Certification and Watchkeeping (STCW) 1978 sets minimum qualification standard for masters, officers and watch personnel on seagoing merchant ships and large yachts. In the sight of replacing human operator on board with machine, will the convention find no application to remotely controlled or autonomous unmanned ships? The research of CMI points out the maritime law associations of Finland, Panama and United State assume that the STCW convention would likely apply to shore-based personnel as well in excepted circumstances where there is no new specific legislation. And the British maritime law association states that regardless of whether STCW would apply to unmanned operation or not, it is clear that certain provisions on training and competence would not apply to shore-based controller and other personnel. Japanese maritime association also states that although the convention does not find application to a remotely controlled unmanned ship, certain rules requiring watchkeeping officers to be presented may nevertheless arguably be interpreted to render an unmanned ship in breach of STCW and to that extent be applicable to unmanned ships. Therefore the amendment of convention seems inevitable. Standing on the other side, the Institute of Marine Engineering Science & Technology recommended that pairing human with machine effectively to enhance human intelligence and performance rather than totally replacing human is an area that should not be overlooked. Even if the application of unmanned ships comes in reality, seafarer skill will still remain an essential component in the long term future of the shipping sector. The minimum qualification of masters, officers and watch personnel may not need to be changed. Human error has been used to create a blame culture towards the workforce at sea, and it also results from poor implementation/ introduction/ preparation for new technology. Many studies show that seafarers are worried about the impact of autonomous ships. If the development of autonomous ships means replacing all the human elements on ships, people who work in marine sector will not accept those novel technologies easily, and this won’t lead to a safer future of maritime industry. Safety requirement of the remote control ship and autonomous ship Rule 8 (a) and rule 5 of the international regulation for preventing collisions at sea, 1972(COLREGS) require the operation of ships to comply with the duty of “good seamanship”, “proper lookout”. These rules are based on the operation by human, thus, leading to the following two questions: (1) Would the operation of unmanned ship contrary to the duty of “good seamanship”? The duty of good seamanship emphasizes the importance of human experiences and judgments in the operation of a vessel, and the adaptability of responses provided by good seamanship. Whether an autonomous ship would be able to reach this level of adaptive judgment would depend on the sophistication of its autonomous system. According to CMI’s research, the maritime law associations of countries including Argentina, British, Canada, China, German, Japan and Panama emphasize the requirement that autonomous ship must be at least as safe as ships operated by a qualified crew. (2) Would the proper lookout sets in rule 5 satisfied by camera and aural censoring equipment? COLREG rule 5 has two vital elements. First, crew on the bridge should pay attention to everything, not just looking ahead out of the bridge windows but looking all around the vessel, using all senses and all personnel equipment. Second, use all information continuously to assess the situation your vessel is in and the risk of collision. In this context, if the sensors and transmission equipment are sufficient to enable an appraisal of the information received in a similar manner available as if the controller was on board, then Rule 5 should be considered satisfied. However, it is unlikely that fully autonomous ship could comply with rule 5. It depends on the sophistication of its autonomous system. If the technology is unlikely at present to provide as equivalent spatial awareness and appreciation of the vessel’s positon as there are human on board, then rule 5 would not be considered fulfilled. Liability Liability is an important issue which is frequently mentioned in the area of autonomous ship. According to the study of MUNIN in 2015, liability issue of autonomous ship might arise under the following situations: (1) Deviation Suppose a ship was navigating autonomously, and the deviation of the system caused collision damage, how might liability be apportioned between ship-owner and the manufacturers? According to the research of CMI, 10 maritime law associations stated that under its domestic law, the third party may have a claim against the manufactures. (British, Canada, China, Croatia, Dutch, French, Germany, Italy, Spain, Malta) They may do so in tort if negligence on the part of manufacturers can be proved and if this can be shown to be causative of the damage. In European Union, third parties may also claim under Council Directive 85/374/EEC of 25 July 1985 on the approximation of the laws, regulations and administrative provisions of the Member State concerning liability for defective products. (2) Limitation of liability Article 1 of the 1976 convention on limitation of liability of owner of ships provides that ship-owner may limit their liability to all claims arising from any incident. The size of limitation is based upon the tonnage of the ship. Within the convention, the term ship-owner is held to include the ship’s owner, charterer, manager or operator. International conventions dealing with limitation of liability are phrased in neutral terms with regard to the presence of a master or crew; therefore, circumstances in which a ship has no person on board do not appear to undermine the operation of those conventions. (3) Bill of lading Bill of lading is a written document signed on behalf of the owner of ship in which goods are embarked, and the ship-owner acknowledges the receipt of the goods, and undertakes to deliver them at the end of voyage. Typically, the shipper will sign the bill of lading along with the owner of the cargo at the point that shipper takes carriage of the cargo in question. The bill of the lading will then be signed by the cargo’s recipient once it has reached its destination. In other words, the document accompanies the cargo all the time, and is signed by the owner, shipper and recipient. It will generally describe the nature and quantity of goods being shipped. A question arises as in the absence of a master or any crew on board the ship, how will the bill of lading be signed by ship’s master? III. Conclusion   The shipping industry is a rich, highly complex and diverse industry, which has a history of both triumph and tragedy in its adoption of technology. In light of the potential for the remote and autonomous ship, and for the sake of contributing to the assurance of safe and efficient operation, it is better to understand the impact on the industry. The taxonomy of automation between human and machine is vast and complex, especially in the sector of law.   Therefore, before the system can reach fully autonomy and undertake independent, our law should be ready. IV. Reference [1] Comité Maritime International, Maritime Law for Umanned Ships, 2017, available at https://comitemaritime.org/work/unmanned-ships/ (last visited Dec. 25, 2018) [2] MUNIN, D9.3: Quantitative Assessment, Oct. 10, 2015, available at http://www.unmanned-ship.org/munin/news-information/downloads-information-material/munin-papers/ (last visited Dec. 25, 2018) [3] Martime Digitalisation & Communication, MSC 100 set to review MASS regulations, Oct. 23, 2018, available at https://www.marinemec.com/news/view,msc-100-set-to-review-mass-regulations_55609.htm (last visited Dec. 25, 2018) [4] IMAREST, Autonomous Shipping-Putting the human back in the headline, April. 2018, available at https://www.imarest.org/policy-news/institute-news/item/4446-imarest-releases-report-on-the-human-impact-of-autonomous-ships (last visited Dec. 25, 2018) [5] Danish Martime Authority, Analysis of regulatory barriers to the use of autonomous ships(Final Report), Dec. 2017, available at https://www.dma.dk/Documents/Publikationer/Analysis%20of%20Regulatory%20Barriers%20to%20the%20Use%20of%20Autonomous%20Ships.pdf (last visited Dec. 25, 2018)

An Introduction to Taiwan’s Regulations Regarding the Security Maintenance and Administration of Personal Information Files in in Digital Economy Industries

An Introduction to Taiwan’s Regulations Regarding the Security Maintenance and Administration of Personal Information Files in in Digital Economy Industries 2023/11/29 I. Preface The Personal Data Protection Act (below, the “Act”), Article 27, paragraph 3 authorizes all central government authorities in charge of specific industries to formulate regulations regarding security standards and maintenance plans for their concerned industries. Beginning August 27, 2022, Taiwan transferred authority over information services, software publishers, businesses that do retail sales of goods purely via the Internet, third-party payment providers, and other businesses in digital economy industries from the Ministry of Economic Affairs to the newly-established Ministry of Digital Affairs (MODA). Businesses in the digital economy industries collect, process, and use large amounts of important personal data, and therefore bear a relatively heavy responsibility for maintaining the security of personal data. In light of this, and in accordance with the Act, Article 27, paragraph 3, the MODA therefore promulgated the Regulations Regarding the Security Maintenance and Administration of Personal Information Files in in Digital Economy Industries (below, the “Regulations”) on October 12, 2023. These Regulations specify the standards for digital economy industries’ personal data file security maintenance plans and rules governing the handling of personal data following a business termination (below, “security and maintenance plans”, or “SMPs”). These regulations apply to all businesses in the digital economy industries. In order to reinforce responsibility for personal data security maintenance in the digital economy industries, tiered management is applied to businesses at different scales. The key points of these Regulations are introduced below. II. Where the Regulations apply As stipulated in the Regulations, Article 2, the “digital economy industries” that these Regulations apply to refer to any natural person, private juridical person, or other group, that engages in any of the following business operations: 4871 Retail Sale via Internet (industries that engage in retail sales to others via the Internet, but not including television, radio, phone, or other electronic means, nor postal sales); 582 Software Publishing; 620 Computer Programming, Consultancy and Related Activities; 6312 Data Processing, Hosting and Related Activities (industries that engage in processing customers’ data, server & website hosting, and other related services, but not including online audio/video streaming services); 639 Other Information Service Activities; or 6699 Other Activities Auxiliary to Financial Service Activities Not Elsewhere Classified (third-party payment industries, but not including other fund management activities). For the specific industries covered, see Attachment 1 of the Regulations. III. Security maintenance and management measures The relevant measures are stipulated in Articles 3 to 17 of the Regulations. In consideration that the businesses so regulated may collect, process, or use large amounts of personal data as part of their business activities, they bear a larger responsibility for maintaining the security of personal data than does the average enterprise. In compliance with the Regulations, every such enterprise is required to formulate an SMP, the content of which shall comply with the specifications in Articles 5 to 17. This includes putting in place management personnel and relevant resources; defining and inventorying the scope of personal data; risk assessment; putting internal management procedures in place; and other such matters. These Regulations also adopt tiered management for businesses based on their capital levels, in order to reinforcement the frequency at which security maintenance measures are performed. The specific regulations for security maintenance measures are introduced below. 1. Formulating an SMP In accordance with the Regulations, Article 3, and in order to maintain the security of personal data, each enterprise shall, within three months of the date the Regulations take effect, plan and formulate their SMP. Every enterprise shall also cause all staff members to understand and fully implement the SMP. In order to monitor implementation, the MODA may require that each enterprise submit its implementation of SMP; the enterprise shall then submit their implementation status information in written form within the specified time limit. 2. Making the protection policy known internally In accordance with the Regulations, Article 4, and to make sure that everyone in the enterprise comprehends and implements personal data protection, each enterprise shall make its personal data protection policies known to all personnel within the enterprise. Matters that must be explained include Taiwan’s legal regulations and orders on personal data protection; how personal data may only be collected, processed, and used for specific purposes and in a reasonable, secure way; that protective technology must be at a level of security that could be reasonably expected; points of contact for rights relating to personal data; personal data contingency plans; and proper monitoring of outsourced service providers to whom personal data is outsourced. All of this must be done to make sure that every enterprise carries out their duty for comprehensive, continuous SMP implementation. 3. SMP content (1) Putting in place management personnel with relevant resources In accordance with the Regulations, Article 5; in accordance with both the Regulations as a whole and other laws and orders regarding the protection of personal data; and in order to implement personal data protection, each enterprise shall do the following things: Weigh the size and characteristics of their business to reasonably allocate operating resources; take responsibility for the personal data protection and management policy; and formulate, revise, and implement their SMP. Also, the enterprise’s representative or the representative’s authorized personnel shall carry out formulation and revision, in order to make sure that the SMP’s content is fully carried out. (2) Establishing the scope of personal data In accordance with the Regulations, Article 6, in order to define the scope of personal data to be included in the SMP, each enterprise shall periodically check the status of personal data that is collected, processed, or used. (3) Risk assessment and management mechanisms for personal data In accordance with the Regulations, Article 7, in a timely manner, and in accordance with their already-established personal data scopes and the processes in which their business involves the collection, processing, or use of personal data, each enterprise shall evaluate risks that may arise within their scope and processes. Based on the risk evaluation results, each enterprise shall then adopt appropriate security management and response measures. (4) Incident prevention, reporting, and response mechanisms In accordance with the Regulations, Article 8, and in order to reduce/control damages to data subjects resulting from personal data theft, tampering, damage, destruction, leakage, or other such security incidents, each enterprise shall formulate response, reporting, and prevention mechanisms: 1. Response mechanism: Methods to be followed after a security incident has occurred, to reduce/control damages to data subjects, and appropriate ways to notify data subjects after an incident investigation, as well as what such notifications shall contain. 2. Notification mechanism: Post-incident notifications to data subjects, in a form (such as email, text message, phone call, etc.) that makes it convenient for such subjects to learn what has occurred and what the incident handling status is; also, providing data subjects with a hotline or other way of seeking information later on. 3. Prevention mechanism: A post-incident mechanism for discussing and adjusting the prevention measures. Within 72 hours after an enterprise learns that a personal data security incident has occurred, the enterprise shall use Attachment 2, the Enterprise Personal Data Leak Reporting Form, to notify the MODA of matters such as: A description of what caused the incident; an incident summary; the damage status; possible results from the personal data leakage; proposed response measures; proposed method and time for notifying data subjects; etc. Alternately, the enterprise may notify the special municipality or county/city government to then notify the MODA. If the enterprise is unable to report the incident within the time limit or is unable to supply complete reporting information all at once, the enterprise shall attach explanation of the reasons for the delay, or provide the information in stages. After the MODA or the special municipality or county/city government receives a report, they may implement reasonable handling in accordance with Articles 22 to 25 of the Act. (5) Internal management procedures for personal data collection, processing, and usage In accordance with the Regulations, Article 9, in order to ensure that their collection, processing, and use of personal data complies with the laws and orders regarding the protection of personal data, each enterprise shall do the following: Formulate internal management procedures; assess whether the use, processing, or collection of special categories of personal data are involved; assess data subjects’ consent has been obtained; assess whether the legal circumstances create an exemption from the obligation to inform; etc. The internal management measures shall also include providing data subjects with information on their rights in accordance with the Act, Article 3; putting in place mechanisms for ensuring the accuracy of and inquiring regarding personal data; and periodically reviewing whether the specific purposes for collecting personal data still exist or have expired. (6) Limits, notifications, and monitoring for international transfers In accordance with Article 10 of the Regulations and Article 21 of the Act, when an enterprise’s transfer of personal data across a national border affects data subjects to the extent that there is a major national interests concern, the enterprise shall assess whether MODA restrictions apply to the transfer. The enterprise shall also notify the data subjects of the region(s) that the data is transferred to; perform appropriate monitoring of the data recipient; and provide the data subjects with information on their rights in accordance with the Act, Article 3. (7) Data, personnel, and equipment security management measures 1. Data security management measures: In accordance with the Regulations, Article 11, and when personal data is backup, kept confidential, or transferred by various means based on the risk assessment results, each enterprise shall put in place protective measures against abnormal access behaviors. When an enterprise provides information/communication technology services, the enterprise shall also put in place and regularly monitor intrusion countermeasures, abnormal access monitoring and contingencies, anti-malware mechanisms, account password verification, system testing, and other such data security management measures. 2. Personnel security management measures: In accordance with the Regulations, Article 12, each enterprise shall contractually specify the obligation to maintain confidentiality with all staff members; identify personnel who job duties involve collecting, processing, or using personal data; and periodically assess the appropriateness and necessity of personnel’s permissions to access personal data. 3. Equipment security management measures: In accordance with the Regulations, Article 14, and to prevent personal data being stolen, tampered with, damaged, destroyed, or leaked, each enterprise shall put in place appropriate media protection for personal data storage devices. The protection requirements include management measures such as technology, equipment and secured environments that meet a specific level of security. (8) Education and training In accordance with the Regulations, Article 13, each enterprise shall periodically use education and training to ensure that all staff members understand the following things: The laws and regulations pertaining to personal data protection; their personal duties and roles within their scopes of responsibility; and the requirements for all SMP management procedures, mechanisms, and measures. For any enterprise that engages in retail sales via the Internet, their SMP shall include user training and education regarding personal data protection and management; and the enterprise shall also formulate personal data protection rules for compliance. (9) Continuous audit, recording, and improvement mechanisms 1. Data security auditing mechanisms: In accordance with the Regulations, Article 15, each enterprise shall periodically do internal audits of personal data, then put the audit results into an evaluation report that reviews improvements to the enterprise’s protection policy, SMP, etc. If there are any deficiencies, the enterprise shall make corrections. 2. Use of records, tracking data, and retention of evidence: In accordance with the Regulations, Article 16, and as part of carrying out its SMP, each enterprise shall retain a minimum of five years of records on the collection, processing, and use of personal data; tracking data for automated machinery; and evidence of having implemented the SMP. After an enterprise’s operations cease, it shall retain records of the destruction, transfer, or other deletion of personal data for a minimum of five years. 3. Comprehensive, continuous improvement for personal data security maintenance: In accordance with the Regulations, Article 17, any time an enterprise’s SMP is not implemented, the enterprise shall adopt corrective and preventive measures. Also, based on the SMP’s implementation status, its handling methods/implementation status, developments in data technology, adjustments to the enterprise’s business, and changes in the law and regulations, each enterprise shall periodically review and amend its SMP. 4. Tiered management In accordance with the Regulations, Article 18, and to prevent relatively small businesses having to take on excessive personal data management costs, tiered management is applied. For an enterprise with a specific business scale (having capital of NT$10 million or more, or holding 5,000 or more personal data records), stronger security measure implementation is required, namely, the personal data security measures shall be implemented, reviewed, and improved at least once every twelve months. If an enterprise reaches NT$10 million or more in capital after the Regulations take effect, or if an enterprise’s number of personal data records held reaches 5,000 or more as a result of direct or indirect data collection, then within six months of meeting those conditions, the enterprise shall implement and review the improvement measures at least once every twelve months. 5. Outsourced personal data Commercial outsourcing in the digital economy comes in many forms. In light of this, and in order to make clear each enterprise’s security management obligations with regard to the collection, processing, and use of personal data, Article 19 of the Regulations clearly spells out what duties shall be carried out with regard to any outsourcing that touches on personal data. When an enterprise outsources the collection, processing, or use of personal data, it is considered equivalent to the enterprise’s own activity. Thus, the enterprise shall understand and follow the legal orders and regulations on personal data set by the central government authorities in charge of the outsourcing party’s industries. Any oversight responsibilities arising from outsourcing the collection, processing, or use of others’ personal data shall be clearly stipulated in the outsourcing contract or other such documents. IV. Conclusion The Regulations Regarding the Security Maintenance and Administration of Personal Information Files in in Digital Economy Industries are designed to balance development for Taiwan’s digital economy industries with comprehensive, continuous improvement of personal data security maintenance. In pursuit of those goals, the Regulations clarify what each enterprise must do: Plan, formulate, and carry out security maintenance plans for personal data that falls within the bounds of the enterprise’s business; ensure that all staff members receive training on personal data protection; provide personal data subjects with channels to file complaints and seek consultation on their rights; and inform the government authorities in charge of the digital economy about the enterprise’s SMP, including the status of any personal data security incidents. All this is done in hopes that the security measures will continuously improve the security of personal data in Taiwan’s digital economy industries.

From the Expansion of WAGRI, Japan's Agricultural Data Collaboration Platform, into a Smart Food Chain to Discuss Smart Measures in Responding to the Pandemic

From the Expansion of WAGRI, Japan's Agricultural Data Collaboration Platform, into a Smart Food Chain to Discuss Smart Measures in Responding to the Pandemic Yu Yu Liu I. Introduction   For the past few years, Taiwan has been progressively developing smart agriculture. During this process, general agricultural enterprises and farmers are challenged with and discouraged by expensive equipment installations and maintenance costs. The creation of a new business model which facilitates the circulation and application of agricultural data may lower the threshold of intellectualization acquisition, and become the key to the popularization and implementation of smart agriculture. This article shall analyze the strategy of promoting the use of data circulation for smart agriculture in Japan, which has a similar agricultural paradigm as Taiwan, and provide a reference for the development of smart agriculture in Taiwan.   Japan is facing the same problems as Taiwan, in terms of the aging farmers and low birth rates, that lead to the lack of successors. The Japanese government proposed the concept of Society 5.0 in 2016, expecting to use information and communication technology (ICT) to drive the development of various fields of society[1]. In the agricultural field, the use of ICT in agriculture can facilitate the transmission of experience by turning the tacit knowledge of experienced farmers into externalized data.   At that time, there were many ICT system service technologies developed by private companies In Japan, but the system services provided by various companies were not compatible with each other due to the lack of collaboration, and the data formats and standards produced by ICT system providers were varied; furthermore, the data in the public sector (research and administrative agencies) was also divided and managed independently. To facilitate the integration, management, and circulation of agricultural data, the Japanese Agricultural Data Collaboration Platform (WAGRI[2]) was born. II. The Development of WAGRI 1. Japan's Prime Minister directed the construction of a data platform   The Japanese government held the 6th Future Investment Conference[3] on March 24, 2017, chaired by Prime Minister Shinzo Abe, who mentioned that in order to cultivate safe and tasty crops, the government and the private sector should provide each other with updated information on crop growth conditions, climate, maps, etc., and build an information collaboration platform that can be easily used by anyone by mid-2017, with all the necessary data fully disclosed. The project was handed over to the IT General Strategy Headquarters[4] to realize the above-mentioned platform.   At the 10th Future Investment Conference, held on June 9, 2017, the Future Investment Strategy 2017[5] was announced with the goal of realizing "Society 5.0". During the conference, it was mentioned that the "Japanese Agricultural Data Collaboration Platform (hereinafter referred to as WAGRI), which is based on publicly available information from the agriculture, forestry, and water industries, such as agricultural, topographical, and meteorological data held by the public sector, that can be shared and used for a variety of purposes, would be constructed in 2017. 2. The Trial Run of WAGRI   WAGRI is supported by the Cabinet Office's Phase 1 of the Strategic Innovation Promotion Program (SIP), under one of the 11 projects entitled "Next Generation Innovation Technologies for Agriculture, Forestry and Water Industries"17[6] (which is managed by The National Agriculture and Food Research Organization [NARO]17[7]). The platform was constructed by the SFC Research Institute of Keio University17[8] in collaboration with an alliance of 23 organizations that participate in SIP research, including agricultural production corporations, agricultural machinery manufacturers, ICT providers, universities, and research institutions (e.g., Japanese IT companies NTT - Nippon Telegraph and Telephone Corporation, Fujitsu Limited, major agricultural machinery manufacturer- Kubota Corporation, Yanmar Holdings Co., Ltd.)17[9]. WAGRI has three major functions: "cooperation" (breaking down the barriers between different systems so that data is compatible and interchangeable), "sharing" (data is shared in a way chosen by the providers, so as to facilitate the establishment of a business model for data exchange and use), and "provision" (soil and meteorological data are provided by public and private sectors to help facilitate data acquisition and subsequent circulation). During the trial run, there were practical cases that demonstrated that after the implementation of WAGRI, the costs of labor and time spent on data collection and utilization had been significantly reduced17[10]. 3. The Independent Operation of WAGRI   In April 2019, WAGRI, which was originally supported by the SIP program, was transferred to NARO to be the main operating body and officially start the operation.   With the updated use of the information required to operate the WAGRI platform independently, starting in April 2020, the original no-fee approach has been changed. Organizations wishing to use WAGRI are required to pay variable fees according to the following two methods of using the platform [11]: (1)Data users (those who use WAGRI data), data users-and-providers (those who use WAGRI data and provide data to WAGRI) ·Monthly fee of 50,000 yen for platform use. ·If fee-based data is accessed, a separate data usage fee must be paid. (2)Data providers (those who provide data to WAGRI) ·Monthly fee of 30,000 yen for platform use. ·Proviso: If the data provided is free of charge, in principle, there is no requirement to pay the platform utilization fee. III. Application of WAGRI’s Expansion in Response to the Pandemic   The Smart Food Chain Alliance[13], which is supported by one of the 12 projects of the SIP Phase 2 program - "Smart bio industry / basic agricultural technology[12]", will expand WAGRI, which was established with the support of the SIP Phase 1 program, to build a smart food chain platform (WAGRI-dev for short).The main mission of the Smart Food Chain Alliance is to build a smart food chain (commercialized services are expected to begin in 2025) that enables the interoperability of data related to food processing, distribution, sales, and exports, to serve as a basis for fresh food logistics in Japan. This platform is built on the framework of WAGRI, and expanded to WAGRI-dev.   In response to the pandemic, the Food and Agriculture Organization of the United Nations (FAO) and the World Health Organization (WHO) jointly issued the "Interim guidance for COVID-19 and Food Safety for competent authorities responsible for national food safety control systems[14]" on April 7, 2020. Based on these guidelines, the Smart Food Chain Alliance of the Japanese SIP program "Smart bio industry / basic agricultural technology" has developed "Guidelines for the Novel Coronavirus (COVID-19) Countermeasures". As part of the above-mentioned program, the "Japanese Food Guidelines Collaboration System (WAGRI.info, in short)"[15] developed countermeasure applications to respond to the pandemic.   WAGRI.info opened its website on July 13, 2020 to accept food safety registrations from food and agricultural product related companies. This registration is not limited to those who meet the COVID-19 countermeasure guidelines, but also those who meet the existing quality and safety management guidelines (e.g. Hazard Analysis and Critical Control Points (HACCP), etc.). It also provides a corporate search function for general public use.   WAGRI.info is a part of WAGRI-dev, and will add various data collaboration functions and measures in the future to prevent data manipulation and unauthorized access. The Japanese government originally expected to build the world's first smart food chain platform that includes data from production to processing, distribution, sales and exporting by expanding WAGRI; in response to the pandemic, related functions were added to create a food safety information network.   In Taiwan, there are also data platforms related to smart agriculture that provide OPEN DATA interface functions[16], and the development of food safety traceability integrated application systems to provide information on the flow of school lunch ingredients. In addition to Japan's WAGRI model of data integration and sharing that, can be used as a model for the development of smart agriculture in Taiwan, WAGRI.info's approach can also be used as a reference for domestic food safety policies, in response to the pandemic. [1]"The Science and Technology Basic Plan", Cabinet Office of Government of Japan website: https://www8.cao.go.jp/cstp/kihonkeikaku/index5.html (last viewed on 07/12/2021). [2]WAGRI is a data platform that consists of a variety of data and services connected to form a wheel that coordinates various communities and promotes "harmony", with the anticipation of leading innovation in the field of agriculture. The word is formed by the combination of WA + AGRI (WA is the Japanese word for harmony + AGRI for agriculture). WAGRI website, https://wagri.net/ja-jp/ (last visited on 07/12/2021). [3]As the command headquarters of the Japanese government for implementing economic policies and realizing growth strategies, the Headquarters for Japan’s Economic Revitalization has been holding a "Future Investment Conference" session approximately every month since 2016, to discuss growth strategies and accelerate social structural reforms, so as to expand future investment. "Headquarters for Japan’s Economic Revitalization", Prime Minister of Japan and His Cabinet website, http://www.kantei.go.jp/jp/singi/keizaisaisei/ (last visited on 07/12/2021). [4]The Japanese government has been actively promoting the use of IT as a means of helping to solve social issues in various fields. In 2000, the IT Basic Act (Basic Act on the Formation of an Advanced Information and Telecommunications Network Society) was enacted in Japan, and in the following year, the IT Strategy Headquarters (Strategic Headquarters for the Promotion of an Advanced Information and Telecommunications Network Society) was established in accordance with the said laws. In 2013, in accordance with the Government Chief Information Officer (CIO) Act, the Cabinet Secretariat established the position of Deputy Chief Cabinet Secretary for Information Technology Policy (Government CIO, in short), and IT Strategic Headquarters was integrated with the GCIO to be the IT Comprehensive Strategy Headquarters (Strategic Headquarters for the Promotion of an Advanced Information and Telecommunications Network Society, IT Comprehensive Strategy Headquarters) to rapidly promote the key policies for an advanced telecommunications network society, and to break the vertical gap of the ministries and departments, and to connect the entire government horizontally. "Strategic Headquarters for the Promotion of an Advanced Information and Telecommunications Network Society" (IT Comprehensive Strategy Headquarters), Prime Minister of Japan and His Cabinet website, https://www.kantei.go.jp/jp/singi/it2/ (last visited on 07/12/2021). [5]Hsu, Yu-Ning, "The 10th Future Investment Conference, held at the Prime Minister's Residence of Japan, proposing Japan's "Future Investment Strategy 2017”, to realize "Society 5.0" as its goal", Science & Technology Law Institute website, https://stli.iii.org.tw/article-detail.aspx?no=64&tp=1&i=72&d=7844, (last visited on 07/12/2021). [6]Focusing on the important issues of "Society 5.0" in conjunction with the key areas of governance of the Future Investment Conference, the Cabinet Office set up an annual budget for science and technology to help create and promote the "Strategic Innovation Promotion Program (SIP)". The first phase of the SIP is a five-year program running from FY2014 to FY2018. "Strategic Innovation Promotion Program (SIP)", Cabinet Office website, https://www8.cao.go.jp/cstp/gaiyo/sip/index.html (last visited on 07/12/2021). Qiu, Jin-Tien (2017), "Technology Innovation Strategy for Realizing the Super Smart Society (Society 5.0) in Japan", National Applied Research Laboratories website, https://portal.stpi.narl.org.tw/index/article/10358 (last visited on 07/12/2021) [7]The National Agriculture and Food Research Organization, NARO in short, is a national research and development corporation for agricultural and food industry technology. [8]The SFC Research Institute, located on the Shonan-Fujisawa campus of Keio University, is a research institute affiliated with the Graduate School of Policy and Media Studies, the Department of General Policy, and the Department of Environmental Intelligence, and is an important research institute involved in the development of smart agriculture in Japan. Professor Atsushi Shinjo is the research director of WAGRI, and he is also the Deputy Government CIO of the Cabinet Secretariat and the Acting Director of the IT Strategy Office, contributing to the creation of the "Agricultural Information Creation and Distribution Promotion Strategy". He also serves as the President of the WAGRI Council and the Director of NARO's Agricultural Data Collaboration, and facilitates the coordination between WAGRI and Japan's smart agriculture empirical Project. He is a key player in the Japanese government's efforts to promote the flow of agricultural data, and is committed to promoting the development of smart agriculture in Japan. Keio Research Institute at SFC website, https://www.kri.sfc.keio.ac.jp/ (last visited on 07/12/2021). [9]IoTNEWS, Building an ‘Agricultural Data Collaboration Platform’ Using Microsoft Azure Through Industry-government-academia Collaboration to Realize Digital Agriculture" 05/15/2017, https://iotnews.jp/archives/56366 (last visited on 07/12/2021). [10]Shinjo, Atsushi, "ICT changes society: Development of agricultural data collaboration platform and future plans, Technology and Promotion : Journal of the National Council of Agricultural Promotion and Staff Council Organization, December, pp. 24-26 (2017); Technology Policy Office, Ministry of Agriculture, Forestry and Fisheries, "Construction of agricultural data collaboration platform", 2018/09,http://www.affrc.maff.go.jp/docs/smart_agri_pro/attach/pdf/smart_agri_pro-15.pdf .(last visited on 07/12/2021). [11]"The Use of the Agricultural Data Collaboration Platform (WAGRI) Since FY2019", NARO website https://www.naro.go.jp/project/results/juten_fukyu/2018/juten01.html (last visited on 07/12/2021). , NARO website https://www.naro.affrc.go.jp/laboratory/rcait/wagri (last visited on 07/12/2021). [12]Same as Note 6; The SIP Phase 2 plan runs for a total of approximately five years, from the end of FY2017 to FY2022. [13]The construction of a smart food chain is one of the main research topics of the project. The members of the Smart Food Chain Alliance include: the Cabinet Secretariat, the Cabinet Office, the Ministry of Agriculture, Forestry and Fisheries, and other government organizations as observers, and more than 70 organizations as participants, including local governments, academic and research institutions, agricultural production corporations, wholesale markets, mid-marketers, logistics industries, retail businesses, manufacturers, and ICT providers (The representative of the Alliance is the Keio Research Institute at SFC), reference Note 13. SIP vol. 2, [Symposium on "Smart Bio-industry and Agricultural Technology" 2020 - Aiming to build a new smart food chain] 03/10/2020, WAGRI website, https://wagri.net/ja-jp/News/generalnews/2020/20200310 (last visited on 07/12/2021). [14]See FOOD AND AGRICULTURE ORGANIZASTION OF THE UNITED NATIONS [FAO], COVID-19 and Food Safety: Guidance for Food Businesses: Interim guidance (Apr. 7, 2020), http://www.fao.org/family-farming/detail/en/c/1275311/ (last visited Oct. 8, 2020). Food and Agriculture Organization of the United Nations and World Health Organization jointly issued Interim guidance for COVID-19 and Food Safety for competent authorities responsible for national food safety control systems, Chinese Academy of Inspection and Quarantine, http://www.caiq.org.cn/kydt/902625.shtml (last visited 07/12/2021). [15]WAGRI.info Office, "WAGRI.info (Food Guideline Collaboration System) website launched and began accepting business registration", 07/13/2020, https://kyodonewsprwire.jp/release/202007131927 (last visited on 07/12/2021). Japanese Food Guideline Collaboration System WAGRI.info website, https://www.wagri.info/ (last visited on 07/12/2021). [16]Smart Agriculture Common Information Platform Website, https://agriinfo.tari.gov.tw/ (last visited 07/12/2021); "Smart Agriculture 4.0 Common Information Platform Construction (Phase II) Results Presentation", 12/12/2019, Smart Agriculture Website, https://www.intelligentagri.com.tw/xmdoc/cont?xsmsid=0J141518566276623429&sid=0J338358950611186512, (last visited on 07/12/2021).

TOP